3

I can’t get my SPF straight. My website is hosted on bluehost. I have tried their helpdesk but they were not very useful to say the least. I’m testing my emails with mail-tester.com and keep on running into new issues.

I have found this post to be useful: SPF Permanent Error: Too many DNS lookups

Especially Adam's answer.

I have tried several things but I’m down to my wit end.

One thing that seems to work for a while was this:

v=spf1 ip4:111.111.11.11 ip4:111.111.11.111 a mx include:_spf.bluehost.exemple.com include:_spf.google.com ~all

The ip addresses at the beginning were given by mail-tester has not having sender policy but of course the addresses kept changing.

After checking with this tool:

http://tools.bevhost.com/spf/

It seems that mails are coming from gateway24.websitewelcome.com. I went ahead and added this to my SPF as follow:

v=spf1 a mx include:_spf.bluehost.exemple.com include:_spf.gateway24.websitewelcome.com include:_spf.google.com ~all

Yesterday it was looking like that was the end of the story but today mail-tester.com is saying that none of those variations have an “applicable sender policy”:

_spf.bluehost.exemple.com

bluehost.exemple.com

_spf.bluehost.com

bluehost.com

Really can’t see what I’m missing here. Thanks a ton to anyone that tries to provide help.

Here is my current spf:

v=spf1 a mx include:bluehost.exemple.com include:_spf.gateway24.websitewelcome.com include:_spf.google.com ~all

Here is the entire message mail-tester is giving me:

dig +short TXT exemple.com :

• "v=spf1 a mx include:bluehost.exemple.com include:_spf.gateway24.websitewelcome.com include:_spf.google.com ~all"

• "google-site-verification=blablablablablablabla "

dig +short TXT @ns1.bluehost.com. exemple.com : • "v=spf1 a mx include:bluehost.exemple.com include:_spf.gateway24.websitewelcome.com include:_spf.google.com ~all"

• "google-site-verification=blablablablablablabla" spfquery --scope mfrom --id hello@exemple.com --ip 111.111.11.11 --helo-id gateway24.websitewelcome.com :

• permerror

• exemple.com: Included domain 'bluehost.exemple.com' has no applicable sender policy

• exemple.com: Included domain 'bluehost.exemple.com' has no applicable sender policy

• Received-SPF: permerror (exemple.com: Included domain 'bluehost.exemple.com' has no applicable sender policy) receiver=ns111111.ip-11-11-111.eu; identity=mailfrom; envelope-from="hello@exemple.com"; helo=gateway24.websitewelcome.com; client-ip=111.111.11.11

JanAurelius
  • 81
  • 1
  • 6
  • FYI, I've updated [my answer on that related question](https://stackoverflow.com/a/53562138/519360) to reflect the current bluehost.com SPF record (they changed a few things and you no longer need a custom clone of it). You seem to have concluded the same thing in your answer here. – Adam Katz Jul 05 '19 at 20:21
  • Possible duplicate of [SPF Permanent Error: Too many DNS lookups](https://stackoverflow.com/questions/51643001/spf-permanent-error-too-many-dns-lookups) – Adam Katz Jul 05 '19 at 20:23

1 Answers1

5

I managed to fix my SPF with the following:

v=spf1 a mx include:spf2.bluehost.com include:websitewelcome.com ~all

I found this tool to be useful:

https://mxtoolbox.com/spf.aspx

With mxtoolbox I could look into the SPF record included inside bluehost.com itself. I could see that they added saleforce's spf and other which weren't useful to me. Those extra SPF exceed the limit of 10 lookups, giving me poor rating on mail-tester.com

The only actually useful record was spf2.bluehost.com, the only one to resolve to actual IP adresses.

With mail-tester.com I could see that my mail are sent from websitewelcome.com's server.

So I added those two and that solved the issue.

Hope this help.

JanAurelius
  • 81
  • 1
  • 6
  • This is no longer sufficient, even just v=spf1 a mx include: include:websitewelcome.com ~all causes to exceed the limit :(. – Erwin Mayer Aug 29 '23 at 19:02